ICMP packets

Is there any difference in the way firewalls treat ICMP packets for ping and traceroute commands?

A ping shows a successful response, whereas traceroute shows a timeout at one of the intermediate nodes.

ex:
traceroute:
6 * * <ipaddress> 2.020 ms
7 * * *
8 <ip address> 9.378 ms 9.368 ms 9.850 ms


As can be seen, the 7th hop has timed out.

ping to the same destination:

PING <IP address> byte packets
100 packets transmitted, 100 packets received, 0% packet loss

Replies

  • Ashraf HZ

    @Ash Aug 19, 2009

    Between Ping and Traceroute? The firewall would probably treat all ICMP traffic the same, only that it is a Network layer protocol rather than Data.

    But I guess between the likes of ICMP and TCP for example, firewall will be able to distinguish different layers of protocol.

  • durga ch

    @durga-TpX3gO Aug 19, 2009

    Mm, differentiate between different types of packets, eh?

  • Ashraf HZ

    @Ash Aug 19, 2009

    Actually, my bad! Some firewalls are able to do specific ICMP filtering. I suppose you can allow specific types of ICMP traffic to go through 😀

    For ping it would be an echo request. Not sure about traceroute though.

  • durga ch

    @durga-TpX3gO Aug 20, 2009

    Ooh, that's OK, maybe that can be tested this weekend 😁
    I will 'ping' and 'traceroute' and try to capture a few packets, and then maybe I will be able to deduce something out of it.

  • Ashraf HZ

    @Ash Aug 21, 2009

    Haha, have fun! If you do detect some weird traffic.. it isn't me.. *quickly severs connection*

    😛

  • durga ch

    @durga-TpX3gO Aug 22, 2009

    Looks like both are the same:

    I pinged and tracert my uni 😁
    ICMP:
    [IMG]

    PING:
    [IMG]

  • Ashraf HZ

    @Ash Aug 24, 2009

    That's weird.. a Tracert packet should have been identified as a type 11 ICMP. I just checked that my firewall has options to filter out type 8 (ping) and type 11 (tracert) 😛

  • durga ch

    @durga-TpX3gO Aug 26, 2009

    Just a sec, I missed out without actually finishing this discussion.
    From the screenshots I have put up, it looks like the type is 8 (echo) for both of them. I did a bit of looking around on Google and found that type 8 is echo (as expected) but type 11 is time exceeded. Is that the reason why you did not receive a response back?
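
Added example, not part of the original thread: a small Python classifier run over constructed packets, showing that a ping and a tracert-style probe both leave the sender as ICMP type 8 (they differ only in IP TTL), while type 11 is what an intermediate router sends back when the probe's TTL expires. A hop that never returns type 11, or a firewall that drops it, prints `* * *` in the trace even though echo request and echo reply still pass end to end. The addresses, payload and helper names are assumptions made for the illustration, and the client is assumed to probe with ICMP echo as in the captures discussed above.

```python
import socket
import struct

ICMP_NAMES = {0: "echo-reply", 8: "echo-request", 11: "time-exceeded"}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total >> 16) + (total & 0xFFFF)
    return ~total & 0xFFFF

def icmp(icmp_type: int, code: int, body: bytes) -> bytes:
    csum = checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def ipv4(src: str, dst: str, ttl: int, payload: bytes) -> bytes:
    head = struct.pack("!BBHHHBB", 0x45, 0, 20 + len(payload), 0, 0, ttl, 1)
    addrs = socket.inet_aton(src) + socket.inet_aton(dst)
    return head + struct.pack("!H", checksum(head + b"\x00\x00" + addrs)) + addrs + payload

def classify(packet: bytes):
    """Return (icmp name, sender, detail) for one IPv4/ICMP packet."""
    ihl = (packet[0] & 0x0F) * 4
    sender = socket.inet_ntoa(packet[12:16])
    msg = packet[ihl:]
    if packet[9] != 1 or checksum(msg) != 0:
        return ("not-valid-icmp", sender, None)
    name = ICMP_NAMES.get(msg[0], "type-%d" % msg[0])
    if msg[0] != 11:
        return (name, sender, "ttl=%d" % packet[8])
    # Time Exceeded quotes the expired probe: its IP header + first 8 bytes.
    quoted = msg[8:]
    q_ihl = (quoted[0] & 0x0F) * 4
    return (name, sender, "quoted type %d to %s" % (quoted[q_ihl], socket.inet_ntoa(quoted[16:20])))

# Constructed sample traffic (documentation addresses, not a real capture).
ECHO = struct.pack("!HH", 0x1234, 1) + b"abcdefgh"
PING = ipv4("192.0.2.10", "203.0.113.5", 64, icmp(8, 0, ECHO))
PROBE = ipv4("192.0.2.10", "203.0.113.5", 1, icmp(8, 0, ECHO))
EXPIRED = ipv4("198.51.100.1", "192.0.2.10", 255, icmp(11, 0, bytes(4) + PROBE[:28]))
REPLY = ipv4("203.0.113.5", "192.0.2.10", 57, icmp(0, 0, ECHO))

if __name__ == "__main__":
    for label, pkt in [("ping", PING), ("tracert probe", PROBE), ("router", EXPIRED), ("target", REPLY)]:
        print(label, classify(pkt))
```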